Secure and Streamlined: Credential Management in RPA Hub
Credential management is not just a technical necessity, it is a fundamental aspect of an overall security strategy of a business. It plays a critical role in protecting sensitive data, ensuring compliance, improving operational efficiency, and supporting the scalability of the business. By investing in robust credential management practices, businesses can mitigate risks, enhance security, and create a more efficient and secure working environment for their employees.
With the Xanadu release of RPA Hub, a new way of credential management configuration has been introduced, making it more streamlined and centralized. This update allows you to manage credentials more efficiently, ensuring that your automation workflows are secure and scalable.
What is Credential Management?
Credential management in RPA Hub allows you to create and manage credential groups that can be reused across multiple bot processes. Instead of configuring credentials individually for each bot process, you can define a credential group, comprising of robot credentials and its corresponding TOTP credential, application credentials, and external credentials, that can then be associated with various bot processes.
Why Credential Management Matters?
For RPA release managers, administrators, and developers, credential management offers several key benefits:
- Increased Productivity: Define credentials once and reuse them across multiple bot processes to save time and reduce redundancy.
- Error Reduction: Minimize errors by using centralized credential management instead of configuring credentials repeatedly for each process.
- Enhanced Security: Securely retrieve credentials from an external storage system, such as an external credential vault, to protect sensitive information.
Note: The current system in the above diagram is valid till the Washington release. However, from the Xanadu release, the New system is introduced.
Types of Credentials in RPA Hub
1. Robot Credentials:
- These credentials allow robots to log into Windows machines to perform automated tasks.
2. Application Credentials:
- Application credentials are used by robots to log into specific applications during automation.
3. TOTP Authentication:
- Time-based One-time Password (TOTP) seeds enable the unattended robots to authenticate seamlessly against multi-factor authentication (MFA)-enabled applications. MFA-enabled applications provide additional security for users and their accounts
4. Credential Groups:
- Credential groups combine robot and application credentials, making it easier to manage credentials across multiple bot processes.
5. External Credential Vault:
- An external credential vault allows you to store and retrieve credentials from an external source rather than using ServiceNow’s credential records.
Use Case: Credential Management in an HR Automation Scenario
Scenario Overview:
An HR department manages a large volume of sensitive employee information, such as personal details, payroll data, and performance records, across multiple systems. Automating HR tasks like payroll processing, employee onboarding, and performance reviews requires secure access to these systems.
Challenge:
The HR automation bot needs to access various applications, such as payroll software, HR management systems (HRMS), and secure databases, each requiring different credentials. Manually managing these credentials poses a risk of security breaches and inefficiencies.
Solution:
Implementing a Credential Management system in the RPA Hub helps the HR department securely and efficiently automate their processes. Here’s how:
1. Centralized Credential Storage:
All credentials (e.g., payroll system login, HRMS access, database credentials) are stored securely in an external credential vault. This vault is integrated with the RPA Hub.
2. Credential Groups:
Create a credential group named "HR-Credential Group" and associate it with the corresponding Robot credential and Application credential. Now, consider three different HR automation processes: payroll processing, onboarding, and performance evaluations. Each of these processes utilizes the same credential structure, including the Robot credential, TOTP, Application credential, and External credential, all within the HR-Credential Group. This HR-Credential Group is then linked to these three bot processes.
3. Bot Process Integration:
The HR automation robot retrieves the necessary credentials from the credential vault as it executes. For example, during payroll processing, the robot uses the stored credentials to securely access the payroll system, retrieve employee data, and process payments.
4. Time-Based One-Time Password (TOTP) for Enhanced Security:
For accessing highly sensitive systems, TOTP can be used. The robot retrieves the TOTP seed from the external credential vault, generating a secure one-time password for each session, ensuring that even if credentials are compromised, unauthorized access is prevented.
By using Credential Management in RPA Hub, the HR department can automate complex processes securely, ensuring that sensitive employee information is protected while improving overall operational efficiency.
Conclusion:
Effective credential management is crucial for optimizing your RPA operations. With the Xanadu release of RPA Hub, managing credentials centrally becomes more streamlined, enhancing both security and productivity. Whether you are an RPA release manager, administrator, or developer, you can easily create and associate credential groups with unattended bot processes. Additionally, the option to set up an external credential vault allows you to securely retrieve robot credentials, application credentials, or Time-based One-time Password (TOTP) seeds from external sources. This seed, a critical component of the authenticator, is used to generate TOTP, adding an extra layer of security. By understanding and leveraging the access controls and capabilities surrounding credential management, you can streamline your automation processes while maintaining robust security protocols.
